There's a lot of press in the PC world about how Macs are now enduring a malware attack. It's called the Flashback Trojan, and it apparently masquerades as an application to upgrade the Flash player. The information I have found on the web tells how to detect if you have it (I don't) and reassures us that Apple has now fixed the problem.

What I have not been able to find is what the infection procedure looks like; more specifically, how can I tell the difference between malware and a legitimate Adobe upgrade?

I guess the problem I was addressing occurs at the time one sees this alert:

"Install Adobe Flash Player.app" is an application downloaded from the internet.

Are you sure you want to open it?

Regardless of where you or I *think* the application may have come from, is there any way to double-check that the app on which you just double-clicked is not the imposter?

How are the legit installer and the malware different? Is there, perhaps, some small difference in their icons, or does one of them have something spelled differently? You know -- the stuff they pass around about counterfeit twenties -- How is it different?

All the web descriptions of the October Flashback say that it "masquerades" as a Flash Player installer, but they do not give details. Just how good is this "masquerade"? What does the counterfeit installer do, or look like, that's different from the McCoy? Does it engender the same alert box, or is it slightly different in any way? I would like to have a way to double-check before I agree to open it.

I believe that this process will get easier in upcoming OS X releases, but in the meantime you should be able to verify that a Flash Player installer is from Adobe by using the digital signature embedded within the binary. You can do this via the command line in a terminal session. First, mount the installer .dmg and in a terminal window, type: